Published on: Not Yet Published
Last Modified on: 02/28/2023 07:25:00 PM UTC
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.
- CVE-2023-24809 has been assigned by security-adviso[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: NetHack - NetHack version >= 3.6.2, < 3.6.7
CVSS3 Score: 5.5 - MEDIUM
- NetHack Call command buffer overflow · Advisory · NetHack/NetHack · GitHub (github.com)
- NetHack 3.6.7: CVE-2023-24809 (nethack.org)
Related QID Numbers
- 503199 Alpine Linux Security Update for nethack
Exploit/POC from GitHub
Known Affected Configurations (CPE V2.3)